connect icon indicating copy to clipboard operation
connect copied to clipboard

Published 20 hours ago verified publisher icon anvilresearch

authorizedScope, allow for no role scopes

Open ikb42 opened this issue 9 years ago • 2 comments

not allowing for this case can cause a crash

ikb42 avatar Apr 07 '16 16:04 ikb42

@ikb42 can you describe what's happening in a little more detail? I'm not sure I understand "no role scopes". We're handling these "unassigned" scopes in Scope.determine() method:

https://github.com/anvilresearch/connect/blob/master/models/Scope.js#L46-L85

christiansmith avatar Apr 07 '16 20:04 christiansmith

In the case that the subject client has been assigned a role but the role has no permitted scopes. If this subject and a scope is then passed to Scope.determine, then subject.authorizedScope will return [ undefined ] which will then crash in Scope.determine on line found = found || (result.indexOf(scope.name) !== -1).

ikb42 avatar Apr 08 '16 11:04 ikb42